Windows 2019
Sponsored Link

Active Directory : Add Group Accounts(CUI)
2019/02/22
 
Add Group Accounts with Commands on CUI.
[1] Run PowerShell or Command Prompt and use [dsadd group] command.
# show current group list
PS C:\Users\Administrator> dsquery group -name * 
"CN=Administrators,CN=Builtin,DC=srv,DC=world"
"CN=Users,CN=Builtin,DC=srv,DC=world"
"CN=Guests,CN=Builtin,DC=srv,DC=world"
"CN=Print Operators,CN=Builtin,DC=srv,DC=world"
"CN=Backup Operators,CN=Builtin,DC=srv,DC=world"
.....
.....

# for example, add [DBAdmin] group
PS C:\Users\Administrator> dsadd group CN=DBAdmin,CN=Users,DC=srv,DC=world `
-secgrp yes `
-scope g `
-desc "Database Admin Group" 
dsadd succeeded:CN=DBAdmin,CN=Users,DC=srv,DC=world

PS C:\Users\Administrator> dsquery group -name DBAdmin 
"CN=DBAdmin,CN=Users,DC=srv,DC=world"


# options for [dsadd group]
PS C:\Users\Administrator> dsadd group /? 
Description:  Adds a group to the directory.

Syntax:  dsadd group <GroupDN> [-secgrp {yes | no}] [-scope {l | g | u}]
        [-samid <SAMName>] [-desc <Description>] [-memberof <Group ...>]
        [-members <Member ...>] [{-s <Server> | -d <Domain>}] [-u <UserName>]
        [-p {<Password> | *}] [-q] [{-uc | -uco | -uci}]
.....
.....
[2] For adding members to a Group, Use [dsmod group] command.
# for example, add [Redstone] user to [DBAdmin] group
PS C:\Users\Administrator> dsmod group CN=DBAdmin,CN=Users,DC=srv,DC=world `
-addmbr CN=Redstone,CN=Users,DC=srv,DC=world 
dsmod succeeded:CN=DBAdmin,CN=Users,DC=srv,DC=world

# verify
PS C:\Users\Administrator> dsget group CN=DBAdmin,CN=Users,DC=srv,DC=world -members 
"CN=Redstone,CN=Users,DC=srv,DC=world"


# if delete a member from a group, do like follows
PS C:\Users\Administrator> dsmod group CN=DBAdmin,CN=Users,DC=srv,DC=world `
-rmmbr CN=Redstone,CN=Users,DC=srv,DC=world 
dsmod succeeded:CN=DBAdmin,CN=Users,DC=srv,DC=world
[3] If you'd like to delete groups, use [dsrm] command.
# for example, delete [DBAdmin] group
PS C:\Users\Administrator> dsrm "CN=DBAdmin,CN=Users,DC=srv,DC=world" 
Are you sure you wish to delete CN=DBAdmin,CN=Users,DC=srv,DC=world (Y/N)? y
dsrm succeeded:CN=DBAdmin,CN=Users,DC=srv,DC=world
[4] If you use PowerShell, It's possible to use Cmdlet for PowerShell.
# show current group list
PS C:\Users\Administrator> Get-ADGroup -Filter * | Format-Table DistinguishedName 

DistinguishedName
-----------------
CN=Administrators,CN=Builtin,DC=srv,DC=world
CN=Users,CN=Builtin,DC=srv,DC=world
CN=Guests,CN=Builtin,DC=srv,DC=world
CN=Print Operators,CN=Builtin,DC=srv,DC=world
CN=Backup Operators,CN=Builtin,DC=srv,DC=world
.....
.....

# for example, add [DBAdmin] group
PS C:\Users\Administrator> New-ADGroup DBAdmin `
-GroupScope Global `
-GroupCategory Security `
-Description "Database Admin Group" 

# verify
PS C:\Users\Administrator> Get-ADGroup -Identity DBAdmin 

DistinguishedName : CN=DBAdmin,CN=Users,DC=srv,DC=world
GroupCategory     : Security
GroupScope        : Global
Name              : DBAdmin
ObjectClass       : group
ObjectGUID        : 401cf330-57a3-4352-bb00-8e1932b47036
SamAccountName    : DBAdmin
SID               : S-1-5-21-1938244123-2570910143-1886879425-1110


# if delete, do like follows
PS C:\Users\Administrator> Remove-ADGroup -Identity "CN=DBAdmin,CN=Users,DC=srv,DC=world" 

Confirm
Are you sure you want to perform this action?
Performing the operation "Remove" on target "CN=DBAdmin,CN=Users,DC=srv,DC=world".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): Y


# options for [New-ADGroup]
PS C:\Users\Administrator> Get-Help New-ADGroup 

NAME
    New-ADGroup

SYNOPSIS
    Creates an Active Directory group.


SYNTAX
    New-ADGroup [-Name] <String> [-GroupScope] {DomainLocal | Global | Universal} [-AuthType {Negotiate | Basic}] [-Cre
    dential <PSCredential>] [-Description <String>] [-DisplayName <String>] [-GroupCategory {Distribution | Security}]
    [-HomePage <String>] [-Instance <ADGroup>] [-ManagedBy <ADPrincipal>] [-OtherAttributes <Hashtable>] [-PassThru] [-
    Path <String>] [-SamAccountName <String>] [-Server <String>] [-Confirm] [-WhatIf] [<CommonParameters>]

.....
.....
Matched Content
 
Tweet